======================================================================== SECURITY ADVISER: WAYNE RASH http://www.infoworld.com ======================================================================== Thursday, August 26, 2004
Network protection commentary by: Wayne Rash THE QUEST FOR PERFECT SECURITY By Wayne Rash Posted August 20, 2004 3:00 PM Pacific Time THE BERMUDA TRIANGLE -- Before I left northern Virginia for my vacation, I decided to make my office and lab completely invulnerable to anything that could be a worm, virus, or even a highly skilled hacker attack. And I accomplished it. ADVERTISEMENT -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Can your network see trouble coming? Keep your network and business ahead of the curve. Activate your subscription to AT&T Networking Views. Activate Here http://newsletter.infoworld.com/t?ctl=852415:2B910B2 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Now, as the Grandeur of the Seas slides gently through this storied part of the Atlantic Ocean, I can pad around the pool deck in my flip-flops in search of umbrella drinks knowing that nothing bad can happen to my small enterprise. Of course, that's because nothing at all will happen to it. Before leaving I shut down everything from workstations and servers to printers and routers. The connection to the Internet is disconnected. I even shut down power to everything but the lab's security system, which I switched to its most paranoid setting. My office and lab are now safe, barring meteor strikes or earthquakes of San Francisco proportions. But there's another reason that I wanted to shut things down. SP2 (Service Pack 2) is out there. Now, don't get me wrong. I think that Microsoft's new Service Pack 2 for Windows XP is vital. This massive (260-plus megabyte) download addresses most of the criticisms of XP's security, and you'd be out of your mind not to have it installed. That is, once you know it works. And that's the problem. Already reports are surfacing that some applications, including some Microsoft apps, won't work with SP2. At this point, with the release so new and with so few other users having installed it, there's no way to tell for sure what will and what won't work. So when I return, I'll install it on a few test systems and then see what happens. In the meantime, I'd prefer to keep it off any computers that I depend on. This illustrates the conundrum of patch management. You know you need the patches, but you're not sure you dare apply them. And you especially don't want to apply anything as major as SP2 without at least making sure it will work in your environment. Fortunately, you can at least get started by applying major patches to machines that have the probability of trouble and the highest risk. A good example: the computers you assign to workers who use them for basic office tasks and things such as Web surfing and e-mail. Those workers that have the most contact with the outside world are more likely to be infected; they use standard productivity software (Microsoft Office, for example), which means the patch will probably work. Even if these machines go down, users can continue their work on another computer while you fix the problem. Once you have some experience with SP2 on the obvious targets, you'll also know more about how it works in your enterprise. In addition, other companies will have started using the update, and you'll be able to find out about potential problems. And, of course, Microsoft will have released its inevitable patches to the service pack. After the first couple of rounds of updates to the update are out, you can feel more confident that SP2 is safe for your enterprise. At that point, you should start applying SP2 to the rest of your network. After all, this fix is vital, and you shouldn't delay any longer than necessary. But making sure it will work for you is necessary, so that delay is also vital. And speaking of vital, the time has come for something tall and cold, with an umbrella. I'll try to remember to think about SP2 for the rest of this week. Really. I promise. But right now there's an empty chair near the pool that's calling my name. Wayne Rash is a senior analyst at the InfoWorld Test Center. ======================================================================== Keep Up with the (Dow) Joneses - and Everyone Else InfoWorld Test Center technical director Tom Yager knows lots of technologies, companies, and strategies. That's why you're likely to find out about something you didn't know in every issue of his free weekly Enterprise Strategies newsletter. From how to pick ASPs to the marriage prospects of P-to-P and B2B. Hey - every good idea is working for somebody, maybe even your competition. Subscribe at http://newsletter.infoworld.com/t?ctl=852411:2B910B2 ADVERTISE ======================================================================== For information on advertising, contact [EMAIL PROTECTED] UNSUBSCRIBE/MANAGE NEWSLETTERS ======================================================================== To subscribe, unsubscribe or change your e-mail address for any of InfoWorld's e-mail newsletters, go to: http://newsletter.infoworld.com/t?ctl=852412:2B910B2 To subscribe to InfoWorld.com, or InfoWorld Print, or both, or to renew or correct a problem with any InfoWorld subscription, go to http://newsletter.infoworld.com/t?ctl=852414:2B910B2 To view InfoWorld's privacy policy, visit: http://newsletter.infoworld.com/t?ctl=852413:2B910B2 Copyright (C) 2004 InfoWorld Media Group, 501 Second St., San Francisco, CA 94107 This message was sent to: [EMAIL PROTECTED] ------------------------ Yahoo! Groups Sponsor --------------------~--> Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar. Now with Pop-Up Blocker. Get it for free! http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/BCfwlB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/kumpulan/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
